By Karl P. Kilb III, CEO, Boloro Global Ltd.
Today, as COVID-19 rocks the world, the importance of digital identity solutions is only emphasized. We are pleased to share a number of guest blogs in the context of the DIACC network, showcasing members with capabilities, solutions and forward-thinking ideas surrounding the pandemic.
Learn more about DIACC member initiatives and identity solutions within the COVID-19 Actions Directory, where we are pleased to share the actions taken to address the demands of these extraordinary circumstances.
Due to the COVID-19 pandemic, society is moving towards an increasingly virtual lifestyle, as many of our daily activities are now taking place in the digital realm, including online banking and eCommerce. We are all traveling non-stop on an information superhighway that was not built with safety and security in mind: the Internet was built for mass dissemination of information, not for secure transactions and other risky activity that could allow fraudsters to run rampant with identity theft. We see stories each day about emails being hacked and operating systems being subjected to malware, making online activity inherently vulnerable to fraud. Our increased reliance on online activity during the current pandemic highlights these long-standing problems, as SIM swaps, email hacks, malware, man-in-the-middle attacks and other forms of fraud are all rising dramatically. The decentralization of customer support desks may also be contributing to the ability of fraudsters to wreak havoc on the security systems currently in place.
So, what can be done to put real security in the hands of consumers?
As the Internet and operating systems increasingly become easy prey for sophisticated fraudsters who routinely exploit this single point of failure, we need to consider new approaches to security that avoid such systems. Security should be not only multi-factor but also multi-channel, eliminating the vulnerabilities of a single point of failure. “In-app security” still touches the inherently vulnerable Internet, meaning its users are still putting all of their eggs in an unstable basket. Out-of-band security stands as a viable alternative: when activity is on one channel, authentication should be on a separate channel, providing an independent lock-and-key that cannot be intercepted and compromised.
At a time when the world is increasingly becoming aware of the inherent vulnerabilities of virtual technologies, we are also seeing the dangers of physically touching public Point of Sale devices, ATM keypads, finger scanners, or anything that could spread the virus. During a time of social distancing, conducting multi-factor and multi-channel security safely on one’s own device is an effective approach.
Along with data protection and privacy, authentication processes must also be considered. In Europe, for instance, the Payment Services Directive (PSD2) defines Secure Customer Authentication, and the General Data Protection Regulation (GDPR) defines the guidelines for protection of personal data, regardless of the form it might take. There is a need to address both. One way this can be achieved is with a multi-channel approach that provides real security (both what you possess and what you know). Authentication should strive to answer the question “Is this really you?” with assurance, without being unnecessarily intrusive in its use of a consumer’s personal data.
At Boloro, we believe that authentication should be multi-factor and multi-channel, separating the security process from the activity itself in order to avoid the vulnerabilities of a single point of failure. Authentication should be secure, user-friendly, instantaneous and compatible with all mobile phones, giving everyone the opportunity to safely, securely and seamlessly participate in the global economy and social media using what should be their most trusted device – their own personal, mobile handset.
We should all strive to work together to make the world safer and healthier, and doing this through secure mobile activity is one of the ways we can work towards achieving this goal.
About the Author: Karl P. Kilb III
Karl P. Kilb III has been the CEO of Boloro Global Limited since October 2016, focusing on the licensing of Boloro Authentication for all forms of identity verification and activity validation. Boloro Authentication is patented in 84 countries and approved by the GSMA, among others. Prior to Boloro, Kilb was a pioneer in data, analytics, media, and electronic trading at Bloomberg LP, serving as General Counsel for more than 15 years. Kilb regularly lectures on identity verification, cyber security and fraud prevention, and welcomes exploring collaboration opportunities.